instawallet has fallen new owner stealing - page 3.

itsunderstood

sr. member

Activity: 364

Merit: 250

American1973

Quote from: AndreyE on April 03, 2013, 04:01:30 AM

3.2 BTC stolen from me, and 3.2 from a friend of mine

Find out who was on the board of this company. Do not use lawyers (except to consult with them perhaps) BUT LITIGATE LOCALLY AND PERSONALLY AGAINST THOSE BOARD-MEMBERS! Board-members have access to all IT people, through the nature of IT.

Time is money, so do it now. I only had < ten bucks in instawallet but will gladly advise any legal team. The only way to FORCE wallet holders on the web to be real, is to use the power of court fines against them. It is a fiscal responsibility of all who accept holding the money of the people of earth, that you harden your system, and act immediately, and openly, and FAST, when you get hacked.

What if Batman had 100,000 in instawallet? BTC I mean? The batcave miners need to hear what I am saying. Every hour you should be asking how many fly by night companies you will allow in your network.

greyhawk

hero member

Activity: 952

Merit: 1009

Aaaaaaaaand it's gone. Forever. This is an ~~ex-change~~, wait, I mean, this ship has banked, wait, I mean, it's bubble has popped.

JordanL

donator

Activity: 294

Merit: 250

Quote from: dave111223 on April 03, 2013, 07:59:47 AM

Looks like the whole site is offline now.

Quote

We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.

Please do not send funds to your address for the time being.

Stay tuned for further updates, thank you for your understanding.

Wow, shitty.

dave111223

legendary

Activity: 1190

Merit: 1001

Looks like the whole site is offline now.

AndreyE

member

Activity: 86

Merit: 10

3.2 BTC stolen from me, and 3.2 from a friend of mine

Raoul Duke

legendary

Activity: 1358

Merit: 1002

The matter about google indexing instawallet's pages was brought up on Torwallet's thread, yes.
Here is Davout saying it doesn't matter: https://bitcointalksearch.org/topic/m.979815

Quote from: davout on June 21, 2012, 10:35:28 AM

Quote from: topikwm on June 21, 2012, 04:10:20 AM

Quote from: vuce on June 20, 2012, 03:35:41 PM

As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.

Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: Phinnaeus Gage on March 28, 2013, 04:14:30 AM

http://blog.g0tmi1k.com/2009/07/video-stripping-ssl-sniffing-https.html

Yes, I've seen that before, and experimented with it, but it's not what I'm thinking of. That technique tricks the user into making a regular HTTP connection by modifying links. So if you visit http://yourbank.com/ and it has a link to https://online-banking.yourbank.com/ they effectively just remove the 's' after 'http' so you make a regular unencrypted connection, which they can then sniff.

http://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates is more the kind of thing I'm talking about. I break into a Dutch certificate authority's computers, and generate myself a certificate for instawallet.org. I then poison your DNS so you come to me instead of directly to instawallet.org, I present you with my ill-gotten certificate, and your browser shows you that you're connected securely and everything's encrypted and fine. I can choose to pass you on through to the real instawallet.org, or I can just steal your secret URL and present you with a message saying "restarting bitcoind takes all day, sorry" or similar.

Phinnaeus Gage

legendary

Activity: 1918

Merit: 1570

Bitcoin: An Idea Worth Spending

Quote from: dooglus on March 28, 2013, 03:04:17 AM

Quote from: davout on March 09, 2013, 08:25:37 PM

SSL encryption, makes it impossible to compromise a wallet by sniffing traffic between the client and the server.

Isn't it true that several certificate authorities have had their signing certificates stolen, meaning that it's possible for attackers to initiate man-in-the-middle attacks on SSL sites without alerting the end user? I don't know the details, but I'm sure I've read in several places that SSL isn't particularly secure given the number of CAs that most browsers trust by default.

http://blog.g0tmi1k.com/2009/07/video-stripping-ssl-sniffing-https.html

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: davout on March 09, 2013, 08:25:37 PM

SSL encryption, makes it impossible to compromise a wallet by sniffing traffic between the client and the server.

Isn't it true that several certificate authorities have had their signing certificates stolen, meaning that it's possible for attackers to initiate man-in-the-middle attacks on SSL sites without alerting the end user? I don't know the details, but I'm sure I've read in several places that SSL isn't particularly secure given the number of CAs that most browsers trust by default.

Phinnaeus Gage

legendary

Activity: 1918

Merit: 1570

Bitcoin: An Idea Worth Spending

@davout

I trust your site, but allow me to play Devil's advocate.

Could a scammer do somthing similar to the following?

He meets his mark at Starbucks where one of his comrades has already sat up a URL sniffer. He has the mark whose new to the Bitcoin scene go to instawallet.org. A new wallet it generate. Money and bitcoins change hands.

A wise scammer would wait several days before attempting to steal back the funds with the hope that more would be in it now that the mark feels comfortable using the system, being too lazy to get another IW or exploring another client.

If I lived in Chicago and my name were Rockso, this is what I would attempt.

Injust

legendary

Activity: 1008

Merit: 1000

Instawallet now has a robots.txt file that blocks Google from indexing all Instawallet URLs with "/w/" in them.
Cheesy

Phinnaeus Gage

legendary

Activity: 1918

Merit: 1570

Bitcoin: An Idea Worth Spending

What if a person sets up an RSS feed from Google, informing him each time the phrase "instawallet.org/w" is indexed? All the person would have to do is check the complete URL to see if it's funded.

I'm sure there are, or will be, people who'll think they're protected, posting the URL to their InstaWallet on some public domain.

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: Raoul Duke on March 27, 2013, 06:51:12 PM

Quote from: SgtSpike on March 27, 2013, 06:30:23 PM

Quote from: DigitalHermit on March 27, 2013, 06:26:52 PM

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656

I feel like I knew about this a long time ago somehow. Did this happen before?

It did.
They said it was because it created a new wallet when google bot visted them. Very quick to write it off.
I'll try and search the thread later. Great lolz will follow

I found this: https://bitcointalksearch.org/topic/m.982779
It might have been TorWallet you were thinking of.

But I did find this: https://bitcointalksearch.org/topic/m.387831
Didn't follow the thread much further. Obviously, Google indexing instawallet pages is a problem that has existed since it started. It seems like this post wasn't taken seriously at all.

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: Raoul Duke on March 27, 2013, 06:51:12 PM

Quote from: SgtSpike on March 27, 2013, 06:30:23 PM

Quote from: DigitalHermit on March 27, 2013, 06:26:52 PM

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656

I feel like I knew about this a long time ago somehow. Did this happen before?

It did.
They said it was because it created a new wallet when google bot visted them. Very quick to write it off.
I'll try and search the thread later. Great lolz will follow

Sweet. My memories are vindicated.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: SgtSpike on March 27, 2013, 06:30:23 PM

Quote from: DigitalHermit on March 27, 2013, 06:26:52 PM

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656

I feel like I knew about this a long time ago somehow. Did this happen before?

It did.
They said it was because it created a new wallet when google bot visted them. Very quick to write it off.
I'll try and search the thread later. Great lolz will follow

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: DigitalHermit on March 27, 2013, 06:26:52 PM

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656

I feel like I knew about this a long time ago somehow. Did this happen before?

DigitalHermit

full member

Activity: 150

Merit: 100

Thank you! Thank you! ...

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656

yodog

member

Activity: 99

Merit: 10

I have filtered 1000$'s of dollars worth of btc thru bitcoinfog, not once has the coins been held up like this on instawallet, or entire wallet disappearing from blockchain.info It had about 3500$ worth of my coins, luckily I had backed up the wallet!!!

rpietila

donator

Activity: 1722

Merit: 1036

Quote from: Raoul Duke on March 17, 2013, 05:38:09 AM

Quote from: yodog on March 17, 2013, 05:31:40 AM

Quote from: yodog on March 16, 2013, 06:27:49 AM

My 52.39 btc is also 'missing' sent from one instawallet to another address and the coins are not showing up in the block chain, and the new address isn't showing up either cause its never been used.....

and yet on the address where the 52.39 btc were sent from shows unspent coins but they are no longer in the instawallet Sad

http://blockchain.info/unspent?active=17iQhdkNpoxYcNNcXodPjTWUqSuTC8XaF4&format=html

The coins showed up to the sent wallet, so everything has been resolved. I know for next time to just use a bitcoin mixer and just pay the 1-3% fee...

You really want to lose your coins, don't you? Grin

If you definitely want to do that, use the easywallet.org. The only online service that I have been able to keep BTC100 for an extended time without anything happening.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: yodog on March 17, 2013, 05:31:40 AM

Quote from: yodog on March 16, 2013, 06:27:49 AM

My 52.39 btc is also 'missing' sent from one instawallet to another address and the coins are not showing up in the block chain, and the new address isn't showing up either cause its never been used.....

and yet on the address where the 52.39 btc were sent from shows unspent coins but they are no longer in the instawallet Sad

http://blockchain.info/unspent?active=17iQhdkNpoxYcNNcXodPjTWUqSuTC8XaF4&format=html

The coins showed up to the sent wallet, so everything has been resolved. I know for next time to just use a bitcoin mixer and just pay the 1-3% fee...

You really want to lose your coins, don't you? Grin

Topic: instawallet has fallen new owner stealing - page 3. (Read 13385 times)